Skip to content

Commit

Permalink
5G NF infra example
Browse files Browse the repository at this point in the history 
Signed-off-by: junior <[email protected]>
  • Loading branch information
@junior
junior committed Dec 5, 2022
1 parent 46476f3 commit 33ec033
Show file tree
Hide file tree
Showing 8 changed files with 563 additions and 0 deletions.
67 changes: 67 additions & 0 deletions examples/5G-NF-Infra/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
# Terraform Scripts for deploying the Unreal Pixel Streaming infrastructure on OCI OKE

## Deploy Using the Terraform CLI

### Clone the Module

Clone the source code from suing the following command:

```bash
git clone github.com/oracle-quickstart/oke-unreal-pixel-streaming
```

```bash
cd oke-unreal-pixel-streaming/deploy/terraform
```

### Updating Terraform variables

```bash
cp terraform.tfvars.example terraform.tfvars
```

Update the `terraform.tfvars` file with the required variables, including the OCI credentials information.

Make sure that the information of the Instance Shape on each Node Pool are correct and you have enough quota to deploy the infrastructure, including the GPU nodes. This scripts defaults to `BM.GPU.A10.4`.

### Running Terraform

After specifying the required variables you can run the stack using the following commands:

```bash
terraform init
```

```bash
terraform plan
```

```bash
terraform apply
```

### Destroying the Stack

```bash
terraform destroy -refresh=false
```

> Note: The `-refresh=false` flag is required to prevent Terraform from attempting to refresh the state of the kubernetes API url, which will return `localhost` without the refresh-false.
### Deploying the demo app

After the infrastructure is deployed, you can deploy the demo app using the following commands:

```bash
kubectl create ns demo
```

```bash
kubectl apply -f ../demo.yaml
```

> Note: Demo App uses Prebuilt images are included with this repo, along with a demo Pixel Streaming image. You can build your own images using the instructions [here](../README.md#pixel-streaming-build).
## Questions

If you have an issue or a question, please take a look at our [FAQs](./FAQs.md) or [open an issue](https://github.com/oracle-quickstart/oke-unreal-pixel-streaming/issues/new).
1 change: 1 addition & 0 deletions examples/5G-NF-Infra/VERSION
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
0.0.3
250 changes: 250 additions & 0 deletions examples/5G-NF-Infra/networking.tf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,250 @@
# Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
#

# Network locals
locals {
vcn_cidr_blocks = split(",", var.vcn_cidr_blocks)
network_cidrs = {
VCN-MAIN-CIDR = local.vcn_cidr_blocks[0] # e.g.: "10.75.0.0/16" = 65536 usable IPs
VCN-NATIVE-POD-NETWORKING-REGIONAL-SUBNET-CIDR = cidrsubnet(local.vcn_cidr_blocks[0], 1, 1) # e.g.: "10.20.128.0/17" = 32766 usable IPs (10.20.128.0 - 10.20.255.255)
SUBNET-5GC-OAM-CIDR = cidrsubnet(local.vcn_cidr_blocks[0], 9, 128) # e.g.: "10.75.64.0/25" = 128 usable IPs
SUBNET-5GC-SIGNALLING-CIDR = cidrsubnet(local.vcn_cidr_blocks[0], 9, 129) # e.g.: "10.75.64.128/25" = 128 usable IPs
SUBNET-5G-RAN-CIDR = cidrsubnet(local.vcn_cidr_blocks[0], 11, 520) # e.g.: "10.75.65.0/27" = 32 usable IPs
SUBNET-LEGAL-INTERCEPT-CIDR = cidrsubnet(local.vcn_cidr_blocks[0], 11, 521) # e.g.: "10.75.65.32/27" = 32 usable IPs
SUBNET-5G-EPC-CIDR = cidrsubnet(local.vcn_cidr_blocks[0], 11, 522) # e.g.: "10.75.65.64/27" = 32 usable IPs
ALL-CIDR = "0.0.0.0/0"
}
}

# Extra Security Lists for the 5G NF
locals {
extra_security_lists = [
{
security_list_name = "5gc_oam_security_list"
display_name = "5GC OAM Security List"
ingress_security_rules = concat(local.common_5g_security_list_ingress_rules, local.temp_all_vcn_security_list_ingress_rules)
egress_security_rules = concat(local.common_5g_security_list_egress_rules, local.temp_all_vcn_security_list_egress_rules)
},
{
security_list_name = "5gc_signalling_security_list"
display_name = "5GC Signalling (SBI) Security List"
ingress_security_rules = concat(local.common_5g_security_list_ingress_rules, local.temp_all_vcn_security_list_ingress_rules)
egress_security_rules = concat(local.common_5g_security_list_egress_rules, local.temp_all_vcn_security_list_egress_rules)
},
{
security_list_name = "5g_ran_security_list"
display_name = "5G RAN Security List"
ingress_security_rules = concat(local.common_5g_security_list_ingress_rules, local.temp_all_vcn_security_list_ingress_rules)
egress_security_rules = concat(local.common_5g_security_list_egress_rules, local.temp_all_vcn_security_list_egress_rules)
},
{
security_list_name = "legal_intercept_security_list"
display_name = "Legal Intercept Security List"
ingress_security_rules = concat(local.common_5g_security_list_ingress_rules, local.temp_all_vcn_security_list_ingress_rules)
egress_security_rules = concat(local.common_5g_security_list_egress_rules, local.temp_all_vcn_security_list_egress_rules)
},
{
security_list_name = "5g_epc_security_list"
display_name = "5G EPC Security List"
ingress_security_rules = concat(local.common_5g_security_list_ingress_rules, local.temp_all_vcn_security_list_ingress_rules)
egress_security_rules = concat(local.common_5g_security_list_egress_rules, local.temp_all_vcn_security_list_egress_rules)
}, {
security_list_name = "5g_for_pods_security_list"
display_name = "5G subnets x pods Security List"
ingress_security_rules = [{
description = "Allow 5GC OAM to pod communication"
source = lookup(local.network_cidrs, "SUBNET-5GC-OAM-CIDR")
source_type = "CIDR_BLOCK"
protocol = local.security_list_ports.all_protocols
stateless = false
tcp_options = { max = -1, min = -1, source_port_range = null }
udp_options = { max = -1, min = -1, source_port_range = null }
icmp_options = null
}, {
description = "Allow 5GC Signalling (SBI) to pod communication"
source = lookup(local.network_cidrs, "SUBNET-5GC-SIGNALLING-CIDR")
source_type = "CIDR_BLOCK"
protocol = local.security_list_ports.all_protocols
stateless = false
tcp_options = { max = -1, min = -1, source_port_range = null }
udp_options = { max = -1, min = -1, source_port_range = null }
icmp_options = null
}, {
description = "Allow 5G RAN to pod communication"
source = lookup(local.network_cidrs, "SUBNET-5G-RAN-CIDR ")
source_type = "CIDR_BLOCK"
protocol = local.security_list_ports.all_protocols
stateless = false
tcp_options = { max = -1, min = -1, source_port_range = null }
udp_options = { max = -1, min = -1, source_port_range = null }
icmp_options = null
}, {
description = "Allow 5G Legal Intercept to pod communication"
source = lookup(local.network_cidrs, "SUBNET-LEGAL-INTERCEPT-CIDR")
source_type = "CIDR_BLOCK"
protocol = local.security_list_ports.all_protocols
stateless = false
tcp_options = { max = -1, min = -1, source_port_range = null }
udp_options = { max = -1, min = -1, source_port_range = null }
icmp_options = null
}, {
description = "Allow 5G EPC to pod communication"
source = lookup(local.network_cidrs, "SUBNET-5G-EPC-CIDR ")
source_type = "CIDR_BLOCK"
protocol = local.security_list_ports.all_protocols
stateless = false
tcp_options = { max = -1, min = -1, source_port_range = null }
udp_options = { max = -1, min = -1, source_port_range = null }
icmp_options = null
}]
egress_security_rules = []
},
]
common_5g_security_list_ingress_rules = [{
description = "Allow pods to communicate with 5G subnets"
source = lookup(local.network_cidrs, "VCN-NATIVE-POD-NETWORKING-REGIONAL-SUBNET-CIDR")
source_type = "CIDR_BLOCK"
protocol = local.security_list_ports.all_protocols
stateless = false
tcp_options = { max = -1, min = -1, source_port_range = null }
udp_options = { max = -1, min = -1, source_port_range = null }
icmp_options = null
}, {
description = "Path discovery"
source = lookup(local.network_cidrs, "ALL-CIDR")
source_type = "CIDR_BLOCK"
protocol = local.security_list_ports.icmp_protocol_number
stateless = false
tcp_options = { max = -1, min = -1, source_port_range = null }
udp_options = { max = -1, min = -1, source_port_range = null }
icmp_options = { type = "3", code = "4" }
}]
common_5g_security_list_egress_rules = [{
description = "Allow 5G subnets to communicate with pods"
destination = lookup(local.network_cidrs, "VCN-NATIVE-POD-NETWORKING-REGIONAL-SUBNET-CIDR")
destination_type = "CIDR_BLOCK"
protocol = local.security_list_ports.all_protocols
stateless = false
tcp_options = { max = -1, min = -1, source_port_range = null }
udp_options = { max = -1, min = -1, source_port_range = null }
icmp_options = null
}, {
description = "Path discovery"
destination = lookup(local.network_cidrs, "ALL-CIDR")
destination_type = "CIDR_BLOCK"
protocol = local.security_list_ports.icmp_protocol_number
stateless = false
tcp_options = { max = -1, min = -1, source_port_range = null }
udp_options = { max = -1, min = -1, source_port_range = null }
icmp_options = { type = "3", code = "4" }
}]
temp_all_vcn_security_list_ingress_rules = [{
description = "Allow all from VCN"
source = lookup(local.network_cidrs, "ALL-CIDR")
source_type = "CIDR_BLOCK"
protocol = local.security_list_ports.all_protocols
stateless = false
tcp_options = { max = -1, min = -1, source_port_range = null }
udp_options = { max = -1, min = -1, source_port_range = null }
icmp_options = null
}]
temp_all_vcn_security_list_egress_rules = [{
description = "Allow all to VCN"
destination = lookup(local.network_cidrs, "ALL-CIDR")
destination_type = "CIDR_BLOCK"
protocol = local.security_list_ports.all_protocols
stateless = false
tcp_options = { max = -1, min = -1, source_port_range = null }
udp_options = { max = -1, min = -1, source_port_range = null }
icmp_options = null
}]
security_list_ports = {
http_port_number = 80
https_port_number = 443
k8s_api_endpoint_port_number = 6443
k8s_api_endpoint_to_worker_port_number = 10250
k8s_worker_to_control_plane_port_number = 12250
ssh_port_number = 22
tcp_protocol_number = "6"
udp_protocol_number = "17"
icmp_protocol_number = "1"
all_protocols = "all"
}
}

# Extra Subnets for for the 5G NF
locals {
extra_subnets = [
{
subnet_name = "5GC_OAM_subnet"
cidr_block = lookup(local.network_cidrs, "SUBNET-5GC-OAM-CIDR")
display_name = "5GC OAM subnet"
dns_label = "sn5gcoam"
prohibit_public_ip_on_vnic = true
prohibit_internet_ingress = true
route_table_id = null
alternative_route_table_name = "private"
dhcp_options_id = ""
security_list_ids = []
extra_security_list_names = ["5gc_oam_security_list"]
ipv6cidr_block = null
},
{
subnet_name = "5GC_Signalling_subnet"
cidr_block = lookup(local.network_cidrs, "SUBNET-5GC-SIGNALLING-CIDR")
display_name = "5GC Signalling (SBI) subnet"
dns_label = "sn5gcsig"
prohibit_public_ip_on_vnic = true
prohibit_internet_ingress = true
route_table_id = null
alternative_route_table_name = "private"
dhcp_options_id = ""
security_list_ids = []
extra_security_list_names = ["5gc_signalling_security_list"]
ipv6cidr_block = null
},
{
subnet_name = "5G_RAN_subnet"
cidr_block = lookup(local.network_cidrs, "SUBNET-5G-RAN-CIDR")
display_name = "5G RAN subnet"
dns_label = "sn5gran"
prohibit_public_ip_on_vnic = true
prohibit_internet_ingress = true
route_table_id = null
alternative_route_table_name = "private"
dhcp_options_id = ""
security_list_ids = []
extra_security_list_names = ["5g_ran_security_list"]
ipv6cidr_block = null
},
{
subnet_name = "Legal_Intercept_subnet"
cidr_block = lookup(local.network_cidrs, "SUBNET-LEGAL-INTERCEPT-CIDR")
display_name = "Legal Intercept subnet"
dns_label = "snlegalin"
prohibit_public_ip_on_vnic = true
prohibit_internet_ingress = true
route_table_id = null
alternative_route_table_name = "private"
dhcp_options_id = ""
security_list_ids = []
extra_security_list_names = ["legal_intercept_security_list"]
ipv6cidr_block = null
},
{
subnet_name = "5G_EPC_subnet"
cidr_block = lookup(local.network_cidrs, "SUBNET-5G-EPC-CIDR")
display_name = "5G EPC subnet"
dns_label = "sn5gcepc"
prohibit_public_ip_on_vnic = true
prohibit_internet_ingress = true
route_table_id = null
alternative_route_table_name = "private"
dhcp_options_id = ""
security_list_ids = []
extra_security_list_names = ["5g_epc_security_list"]
ipv6cidr_block = null
},
]
}
41 changes: 41 additions & 0 deletions examples/5G-NF-Infra/oke.tf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
# Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
#

################################################################################
# OKE Cluster
################################################################################
module "oke-quickstart" {
source = "github.com/oracle-quickstart/terraform-oci-oke-quickstart?ref=0.8.9"

# Oracle Cloud Infrastructure Tenancy and Compartment OCID
tenancy_ocid = var.tenancy_ocid
compartment_ocid = var.compartment_ocid
region = var.region

# Note: Just few arguments are showing here to simplify the basic example. All other arguments are using default values.
# App Name to identify deployment. Used for naming resources.
app_name = "Dev 5G NF Example"

# Freeform Tags + Defined Tags. Tags are applied to all resources.
tag_values = { "freeformTags" = { "Environment" = "Development", "DeploymentType" = "5G example", "QuickstartExample" = "5G-NF-Infra" }, "definedTags" = {} }

# VCN for OKE arguments
vcn_cidr_blocks = var.vcn_cidr_blocks
extra_security_lists = local.extra_security_lists
extra_subnets = local.extra_subnets

# OKE Node Pool 1 arguments
node_pool_cni_type_1 = "OCI_VCN_IP_NATIVE" # Use "FLANNEL_OVERLAY" for overlay network or "OCI_VCN_IP_NATIVE" for VCN Native PODs Network. If the node pool 1 uses the OCI_VCN_IP_NATIVE, the cluster will also be configured with same cni
cluster_autoscaler_enabled = true
node_pool_name_1 = "pool1"
node_pool_initial_num_worker_nodes_1 = 5 # Minimum number of nodes in the node pool
node_pool_max_num_worker_nodes_1 = 10 # Maximum number of nodes in the node pool
node_pool_instance_shape_1 = var.node_pool_instance_shape_1
extra_security_list_name_for_nodes = "5g_for_pods_security_list"
extra_security_list_name_for_vcn_native_pod_networking = "5g_for_pods_security_list"

# Cluster Tools
# ingress_nginx_enabled = true
# cert_manager_enabled = true
}
Loading

0 comments on commit 33ec033

Please sign in to comment.